Security Application Block

Discussion in 'ASP .Net Security' started by John Childress, Mar 21, 2005.

  1. Anyone using the Security Application Block from the Enterprise Library?
    I have a rather embarassing situation where I've setup the database and
    configured my application to use this block. I have added users to the database
    using a web form, but I am unable to login using any of the new users I've
    created.

    Here is how I'm creating the user:

    public bool addNewUser(string username, string password, string firstName,
    string lastName, string email)
    {
    byte[] encryptedContents;
    encryptedContents = SHA1Managed.Create().ComputeHash(ASCIIEncoding.ASCII.GetBytes(password));

    // Create an instance of the database object
    Database database = DatabaseFactory.CreateDatabase();

    // Create the wrapper
    DBCommandWrapper addNewUserWrapper = database.GetStoredProcCommandWrapper("AddNewUser");

    // Setup the parameters
    addNewUserWrapper.AddInParameter("@username", DbType.String, username);
    addNewUserWrapper.AddInParameter("@password", DbType.Binary, encryptedContents);
    addNewUserWrapper.AddInParameter("@firstname", DbType.String, firstName);
    addNewUserWrapper.AddInParameter("@lastname", DbType.String, lastName);
    addNewUserWrapper.AddInParameter("@email", DbType.String, email);

    // Execute the query
    database.ExecuteNonQuery(addNewUserWrapper);

    return true;
    }

    Then in my login page I try to authenticate with the following:
    private void btnLogin_Click(object sender, System.EventArgs e)
    {
    if(Page.IsValid)
    {
    // Get the provider to authenticate with
    IAuthenticationProvider authenticationProvider = AuthenticationFactory.GetAuthenticationProvider("Database
    Provider");
    // An identity for later use
    IIdentity identity;
    byte[] passwordBytes;
    passwordBytes = ASCIIEncoding.ASCII.GetBytes(txtPassword.Text);
    // Create the credentials
    NamePasswordCredential credentials = new NamePasswordCredential(txtUsername.Text,
    passwordBytes);

    // authenticate
    if(authenticationProvider.Authenticate(credentials, out identity))
    {
    // log the users access time
    logUserAccessTime(txtUsername.Text);

    // Authorize and redirect the user
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage(identity.Name,
    false);
    }
    else
    {
    lblError.Visible = true;
    lblError.Text = "Login failed.";
    }
    }
    else
    {
    lblError.Visible = true;
    lblError.Text = "Login failed. Page is not valid.";
    }
    }

    I always get "Login failed." for my error...

    Any suggestions?

    thanks,

    John
     
    John Childress, Mar 21, 2005
    #1
    1. Advertising

  2. Because the NamePasswordCredential class use
    Encoding.Unicode.GetBytes internally to encode, you have to use
    Encoding.Unicode.GetBytes and not ASCIIEncoding.ASCII.GetBytes.

    Dominic
    --
    POST BY: http://www.dotNET.us - Need .NET? Just ask, Please dotNET.us
     
    Dominic Morin, Mar 25, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Showjumper
    Replies:
    1
    Views:
    710
    Showjumper
    Mar 19, 2005
  2. =?Utf-8?B?QVZM?=

    Security application block

    =?Utf-8?B?QVZM?=, May 21, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    3,780
  3. morrell
    Replies:
    1
    Views:
    975
    roy axenov
    Oct 10, 2006
  4. Replies:
    0
    Views:
    366
  5. Michael Randrup
    Replies:
    3
    Views:
    315
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page